CVE-2018-1000136
Severity: HIGH | Exploited in the wild | Ransomware use
Electron 1.7.0-1.7.12, 1.8.0-1.8.3, 2.0.0-beta.0-2.0.0-beta.3 - RCE via Webview Node Integration Bypass
Title source: llm
Exploitation Summary
CVE-2018-1000136 has been observed exploited in the wild (reported by VulnCheck KEV), including in ransomware campaigns.
Description
Electron versions 1.7 up to 1.7.12, 1.8 up to 1.8.3, and 2.0.0 up to 2.0.0-beta.3 contain an improper handling of values vulnerability in Webviews that can result in remote code execution. This attack appears to be exploitable via an app which allows execution of 3rd party code AND disallows node integration AND has not specified whether webview is enabled/disabled. This vulnerability appears to have been fixed in 1.7.13, 1.8.4, and 2.0.0-beta.4.
References (2)
Mitigation, Patch, Vendor Advisory (x_refsource_misc): https://www.electronjs.org/blog/webview-fix
Exploit, Third Party Advisory (x_refsource_misc): https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-1000136---Electron-nodeIntegration-Bypass/
Scores
CVSS v3: 8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Attack Vector: NETWORK
EPSS: 0.0478
EPSS Percentile: 90.8%
Details
VulnCheck KEV: 2020-02-25
Ransomware Use: Confirmed
CWE: CWE-20
Status: published
Products (3)
electronjs/electron 2.0.0 (5 CPE variants)
electronjs/electron 1.7.0 - 1.7.12
npm/electron 1.7.0 - 1.7.13
Published: Mar 23, 2018
Tracked Since: Feb 18, 2026